Security Advisory

CVE-2019-16667

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-26 18:38:48
Last updated 2024-08-05 01:17:41
Assigner mitre
State PUBLISHED

Description

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. The cause is the behaviour of csrf_callback() when a request arrives without a CSRF token, which is the normal case for a form posted from an attacker's site: instead of rejecting the request outright, it renders a "CSRF token expired" error together with a Try Again button that resubmits the same fields along with a freshly issued, valid token. A single click by the authenticated administrator therefore turns the token-less forged request into an accepted command execution. The missing-token path has to reject the request and must not offer to replay its contents.
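The following is an added example written for this page, not pfSense or csrf-magic code, that models the failure mode described above beside a corrected handler. The field names txtCommand and txtRecallBuffer come from the advisory; the __csrf_magic token field, the HMAC-over-session-id token scheme, the Request/Response types and the sample session are assumptions made so the model runs offline. Shell execution is replaced by a stand-in that only records the command.

```python
"""Model of the CSRF-token failure mode behind CVE-2019-16667 (added example, not pfSense code)."""
import hmac
import html
import re
from dataclasses import dataclass, field

# Constructed demo secret; a real deployment derives a per-install secret.
SECRET = b"demo-server-secret"


def issue_token(session_id: str) -> str:
    """Assumed token scheme: HMAC of the session id (csrf-magic's real scheme is not reproduced)."""
    return hmac.new(SECRET, session_id.encode(), "sha256").hexdigest()


def token_valid(session_id: str, token) -> bool:
    return token is not None and hmac.compare_digest(issue_token(session_id), token)


@dataclass
class Request:
    session_id: str   # the victim's authenticated session, sent automatically as a cookie
    form: dict        # parsed POST fields


@dataclass
class Response:
    status: int
    body: str
    executed: list = field(default_factory=list)   # commands the stand-in "ran"


def execute(req: Request) -> Response:
    """Stand-in for diag_command.php's command execution: records instead of running."""
    cmd = req.form.get("txtCommand") or req.form.get("txtRecallBuffer") or ""
    return Response(200, f"<pre>{html.escape(cmd)}</pre>", executed=[cmd])


def handle_vulnerable(req: Request) -> Response:
    """Flawed pattern: a missing/invalid token yields a 'CSRF token expired' page whose
    Try Again form re-posts every attacker-supplied field together with a valid token."""
    if not token_valid(req.session_id, req.form.get("__csrf_magic")):
        fresh = issue_token(req.session_id)
        hidden = "".join(
            f'<input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
            for k, v in req.form.items() if k != "__csrf_magic"
        )
        body = ('<p>CSRF token expired</p><form method="post" action="diag_command.php">'
                f'{hidden}<input type="hidden" name="__csrf_magic" value="{fresh}">'
                '<input type="submit" value="Try Again"></form>')
        return Response(200, body)
    return execute(req)


def handle_fixed(req: Request) -> Response:
    """Corrected pattern: reject and discard the submitted fields; never offer to replay them."""
    if not token_valid(req.session_id, req.form.get("__csrf_magic")):
        return Response(403, "<p>CSRF check failed. Reload the page and try again.</p>")
    return execute(req)


def forged_post(session_id: str, command: str) -> Request:
    """A cross-site auto-submitted form: the browser attaches the victim's cookie, but the
    attacker cannot read the victim's token, so none is included."""
    return Request(session_id, {"txtCommand": command, "submit": "EXEC"})


def click_try_again(session_id: str, resp: Response) -> Request:
    """Model the victim clicking Try Again: post back whatever hidden fields the page carries."""
    fields = {html.unescape(k): html.unescape(v)
              for k, v in re.findall(r'name="([^"]+)" value="([^"]*)"', resp.body)}
    return Request(session_id, fields)


def run_scenario(handler) -> list:
    """Forged request followed by one Try Again click; returns the commands that got executed."""
    first = handler(forged_post("victim-session", "id"))
    second = handler(click_try_again("victim-session", first))
    return first.executed + second.executed


if __name__ == "__main__":
    print("vulnerable handler executed:", run_scenario(handle_vulnerable))   # ['id']
    print("fixed handler executed:", run_scenario(handle_fixed))             # []
```

The vulnerable handler never executes the first, token-less request, which is why the flaw is easy to miss in a quick review: the bypass happens only on the replay that the error page itself sets up. The fix is not a different token format but a different error path, one that drops the submitted fields instead of echoing them back with a token attached.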